Having outstayed its welcome in Germany, a company is bringing its legal strategy against file-sharers to the UK. Its first targets are 500 P2P users who illegally distributed a game according to the company, even though many of the victims never even heard of the game in question. All Filesharers receive a letter in which they are urged to settle the case for a relatively small sum of money. So who are the accusers and what quality of evidence do they hold?

Since early March 2007, many internet forums have been buzzing with news of users receiving letters from UK law firm Davenport Lyons, alleging that they have illegally distributed (uploaded) the ‘Dream Pinball 3D’ game from German company Zuxxez Entertainment. The letters, which were sent out to 500 alleged file-sharers, demand a minimum of Â£340 ($667) to avoid being taken to court and claimed potential costs of “tens of thousands of pounds”. Most of the alleged filesharers never even heard of the pinball game, or never had the IP-address that was listed in the letter. However, some already report to have paid the settlement money because they don’t want any legal trouble, it almost sounds like a perfect scam.

The letters state:

"Our client has retained forensic computer analysts to search for and identify internet addresses from which their games are being made available on so called "peer to peer" (P2P) internet sites for the purposes of making them available for download by third parties without our client's consent or licence"

Note that the letters are not addressed to an individual, just ‘Dear sir or madam’ – this proves that the ‘forensic’ process cannot correctly identify an alleged infringer behind an IP address.

It continues:

"Our client is in possession of compelling evidence that on the following date and time 15.09.2006 12:15:22 [made up date/time for illustration purposes] (captured in the German time zone), the Game was made available from the internet protocol (or IP) address XXX.XXX.XXX.XX specifically for the purpose of downloading by third parties. Pursuant to a High Court Order, the internet service provider XXXXXXXXXXXXX identified you as the subscriber associated with that IP address at the time in question".

TorrentFreak has seen evidence that suggests alleged infringers’ IP addresses were being collected within hours of the game appearing on the eDonkey network. Unconfirmed reports even suggest that the delay could be measured in minutes.

So where exactly does this ‘compelling evidence’ come from, who are these ‘forensic computer analysts’ and why does the letter speak of evidence gathered in the German time zone? A little background;

Back in 2005, it became evident that Zuxxez Entertainment had decided to take a very aggressive course of action against Germans accused of sharing their game ‘Earth 2160′ on the eDonkey network by employing a law firm to file 12,000 claims with the state prosecutor’s office in Karlsruhe (the home town of Zuxxez). In the German case the settlement were also relatively low, giving the alleged filesharers an easy way out, instead of taking it to court.

The ISPs in Germany soon got tired of all these ungrounded, and seemingly random infringement notices, and they soon stopped responding to the claims Zuxxez made until there was some hard evidence against their customers. Zuxxez realized then decided that they couldn’t make any easy money in Germany anymore and moved to the UK, still using the same strategy.

In each claim, the law firm shows the software alleged to have been uploaded (in the UK it’s the Pinball game), the IP address of the alleged infringer plus the users emule/edonkey user ID and a timestamp. So who collated this information? Enter Logistep, a Swiss anti-piracy company employed by Zuxxez to track down eMule users they claim were sharing its software, gather information and use it to gain Court Orders to force ISP’s to give up the names and addresses connected to the accused IP address. In the UK, it’s believed that up to 18 ISP’s were presented with Court Orders to force them to reveal users personal details.

Although Zuxxez and Davenport Lyons don’t openly admit to using Logistep in these UK cases, it seems more than likely, given that information on the Internet Piracy Portal states that Logistep are a partner of Schutt, Waetke (the law firm dealing with the German cases) and also Davenport Lyons in the UK. Of interest is that Zuxxez Entertainment has its home in Karlsruhe, Germany and so does Logistep, even though the company appears to be registered in Switzerland.

In each English case it’s likely that Davenport Lyons will have obtained what is known as a Norwich Pharmacal Order, which relates to the obtaining of information regarding infringements from parties who may not themselves be involved in the infringement, i.e the ISP. In the original Norwich Pharmacal Co and Others v Customs & Excise Commissioners case in 1973/74, it was ruled that a party who became even innocently involved in someone else’s wrong doing, was under obligation to provide the injured party with information to identify the wrong doer.

Apparently, such an order should not be granted where it’s clear that the plaintiff is ‘fishing’ (phishing) for information and is attempting to discover something that will form the basis of a court action. As the law firm is very obviously making a ‘phishing’ attempt to obtain the name of a possible infringer other than the account holder, this should be something that anyone accused should take up with their lawyer.

Davenport Lyons imply that the evidence against alleged infringers is so good that the fact that a court order was granted is likely to be enough to prove guilt. This is seriously up for debate. In Germany, a criminal investigator has stated that Logistep refuses to reveal how it gathers information against alleged infringers so it becomes impossible to confirm that the data it collects is correct. In my opinion, it is of paramount importance that Logistep is required to reveal how it gathers such evidence in order to prove its validity to a court, otherwise it’s possible that there would be errors, leading to the wrong people being accused and/or convicted. A UK Government audited and approved system could give their case credibility but until such an audit takes place, I don’t see how their systems can be trusted.

According to a computer forensics expert, the evidence held is likely to be inconclusive and the digital equivalent of Hearsay. Visitors to this thread will note that the expert seems to be offering his services on a no-win, no-fee basis. If his support means that the accused don’t have to go to Court, then he says there is nothing to pay. Any fees will be taken from costs awarded should the accused win their cases. We cannot endorse this guy but it’s certainly worth a look. There is an interesting post about other legal issues here.

Several people accused of uploading Dream Pinball are concerned that they may have an unsecured wireless network and that unknown third-parties may have committed an offence without their knowledge. Davenport Lyons have already responded to at least one person who put this scenario to them;

“There has already been a ruling in the German courts confirming that a wireless network is the responsibility of its owner and any consequences of failing to secure the network fall upon the owner of it, irrespective of who carried out the illegal activity”.

There was indeed a decision in the regional court of Hamburg on 27th July 2006 (ref 308 O 407/06) which ruled that the owner of an internet connection is responsible for infringements which take place on it. Presumably, if there had been a case under relevant UK law, Davenport Lyons would have mentioned it, rather than having to resort to referencing a German case.

So it appears that in the UK it may remain uncertain as to whether an account holder is liable for the actions of others on his internet connection. It’s an issue for the Court to decide, not a law firm or anti-piracy company. Indeed, an English Court may decide that the person who has had their wireless network hacked, bandwidth stolen, connection used illegally and reputation damaged, is actually a victim of a crime themselves and if companies like Logistep have the ability to identify the criminal who did this, then surely they have a legal obligation to do so. Anyone who feels they are the victim of this fraud should present this scenario to their lawyer.

In addition to the ‘uploading’ claim, one of the claims in the letter relates to the illegal copying of the game to the hard drive. Even if someone in the UK is found responsible for what someone does on their internet connection, surely they cannot be guilty of copying the game to the hard drive if this was done by an unauthorised user accessing an unsecured wireless LAN, on a PC outside of their control?

In Germany the district court in Mannheim denied Schutt-Waetke any fees they asked from a defendant, claiming the firm had already filed over 3700 similar cases and it was hard to see where such automated proceedings would require extensive work justifying any fees. A Court may or may not decide that should be the case here.

Dirk Hassinger, the sales director at Zuxxez said he had tried to find a law firm prepared to charge low fees because he didn’t want to “bankrupt” file sharers. On face value, this seems like a considerate thing to do, until you examine some of the wording in the Davenport Lyons letter;

“In the event that you were not able to pay whatever sums the court may direct, our client would have no option but to take steps to enforce the debt against your property”

So Zuxxez don’t want to bankrupt people but are quite willing to threaten their family home. Very considerate. It’s more likely that Zuxxez make the settlement ‘affordable’ to make sure defendants choose not to go to court. If going to court means companies like Logistep are forced to reveal their methods and they prove suspect, the whole process could fall to its knees. If someone is proven unresponsible for the actions of a wireless hacker, the whole process could fall to its knees. Obviously this is the last thing that Zexxez, Logistep or Davenport Lyons want.

Finally, having battered the German legal system with their proceedings and taking steps to do the same in the UK, it appears Italy is also becoming a target . Ominously, Logistep also have legal partners in Dubai, Israel, Austria, Poland and the USA.